Free Malware Removal Forum


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.

You will see several choices. (1,2,3,A,B,U,E)
We just want a log.

Type A & hit enter.
It will take a few minutes to complete the scan. Wait till the log pops up.

Post the C:\SystemReport.txt
*=========================*

Using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to and find the following files; if found, delete them:
c:\windows\System32\msethnet.dll
c:\windows\System32\NtmsSvcs.dll


Start in Safe Mode

Please print the instructions below or copy and paste to Notepad since you will not have internet access while in Safe Mode.

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, continually press F8.

Instead of Windows loading as normal, a menu should appear

Select the first option, to run Windows in Safe Mode.

*=========================*

Please run a GMER Rootkit scan:

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button. This will copy the results to your clipboard. Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.
*=========================*

Restart in Normal Mode
*=========================*

Post the GMER log.

Rogue

Ohhh, I get it, if I can't see the files, it's because they are gone XD
I thought you were worried about them being STILL there. Anyway, the computer is running quite fine, I'm gonna post the log in a while. Thanks

Using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to and find the following files; if found, delete them:
c:\windows\System32\msethnet.dll
c:\windows\System32\NtmsSvcs.dll

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F97F362C 5 Bytes JMP 82A721C8
? System32\Drivers\ajomu3i6.SYS The system cannot find the file specified.

Hi Shekb,
This was our most recent file: System32\Drivers\ajomu3i6.SYS. If you can verify with AVG RK that it is still the name of it, then do the following.
If nothing is found I am at a loss and will consult with some people.

Download IceSword
http://majorgeeks.com/Icesword_d5199.html
Extract from zip folder and click on IceSword.exe to run.
This is in two parts
Part One:
On the left menu bar is a File tab.
Use this like windows explorer to navigate to c:\windows\system32/drivers folder.
Then scroll down through the files which are listed alphabetically until you find our mystery file.
Highlight the line and right click with mouse.
Use Copy To file function
Save it to your desktop
Save as suspect.sys

Part Two:
Click the Win32 Service under Functions on the left Menu Bar
If any red entries are found:
Click the LOG button at the top of the screen
Save the log to a place where you can easily find it with the name ISservice-list.txt

Please post ISservicelist.txt in your next post, or let me know that there were no red entries.
*=========================*

Please Submit File to VirusTotal for analysis if our file has been found

The only tools that see this thing are AVG RK and GMER, which reports it as 'missing'. Since none of the tools are able to capture this thing, I'm going to have to consult with some others as to how to get a copy.
I really believe it's part of one of the games you have installed but want to make sure before sending you on your way.
